Due to a problem with HTTP multipart handling in the CUPS scheduler, some browsers did not work as expected when attempting to add a printer using the web interface. A change from a later version has been backported enabling adding printers in all browsers without problems.

It was not possible to disable Secure Sockets Layer (SSLv3) and keep other secure protocols enabled in CUPS. This left CUPS users vulnerable to the POODLE attack (CVE-2014-3566), and needing to deploy the stunnel utility for mitigation. This update disables SSLv3 support by default. For users who need to continue using SSLv3, an SSLOptions configuration directive has been added to the cupsd.conf file for the cupsd service and to the client.conf file for the client programs.

When the BrowsePoll configuration directive was used and the remote server configured for polling forbade access, the cups-polld process retried accessing immediately in a busy loop. The process consumed all processor time and increased network traffic. With this update, a mandatory delay of ten seconds has been introduced to prevent that. Affected users should also fix their configuration by removing the BrowsePoll line for the server, or adjusting the server to allow remote queries.

The CUPS scheduler incorrectly assumed the print queue still existed when there were only implicit classes with all members deleted due to being unresponsive. When sending a job using separate Create-Job and Send-Document requests to an implicit class whose members were being deleted, the CUPS scheduler terminated unexpectedly with a NULL dereference. The scheduler has been amended to respond with an error instead of crashing in this case.

A missing NULL check in job processing code caused the CUPS scheduler to terminate unexpectedly when a job with more than one file aborted due to a filter failure. This update adds the check to prevent the CUPS scheduler from crashing in the described situation.

The ErrorPolicy configuration directive was not validated on startup, and an unintended default error policy could be used without a warning. The directive is now validated on startup and reset to the default if the configured value is incorrect. The intended policy is used, or a warning message is logged.

Due to an incomplete fix in a prior update, some environment variables were not correctly set on startup, which led to SELinux denials. The remainder of the original fix has been added, and the variables are now set correctly on startup.

It is now possible to direct jobs to a single printer with failover to other printers instead of using load balancing among printers that is built into CUPS. Jobs can be directed to the first working printer of a set, the preferred printer, with other printers used only if the preferred one is unavailable.

Description of the ErrorPolicy directive with supported values has been added to the cupsd.conf(5) man page. The ErrorPolicy directive defines the default policy used when a back end is unable to send a print job to the printer.

Users of CUPS are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing this update, the cupsd service will be restarted automatically.

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.